Add AEAD and GHASH functions

include/gmssl/aead.h

@@ -15,6 +15,7 @@
 #include <gmssl/sm3.h>
 #include <gmssl/sm4.h>
 #include <gmssl/zuc.h>
+#include <gmssl/gcm.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -60,16 +61,22 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
 
 
 typedef struct {
+	SM4_CTR_CTX enc_ctx;
+	GHASH_CTX mac_ctx;
+	uint8_t Y[16]; // E(K, Y_0)
+	size_t taglen;
+	uint8_t mac[16];
+	size_t maclen;
 } SM4_GCM_CTX;
 
 int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
 	const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen);
+	const uint8_t *aad, size_t aadlen, size_t taglen);
 int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen);
 int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
 	const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen);
+	const uint8_t *aad, size_t aadlen, size_t taglen);
 int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen);
 

include/gmssl/gcm.h

@@ -44,6 +44,20 @@ extern "C" {
 void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
 	const uint8_t *c, size_t clen, uint8_t out[16]);
 
+typedef struct {
+	gf128_t H;
+	gf128_t X;
+	size_t aadlen;
+	size_t clen;
+	uint8_t block[16];
+	size_t num;
+} GHASH_CTX;
+
+void ghash_init(GHASH_CTX *ctx, const uint8_t h[16], const uint8_t *aad, size_t aadlen);
+void ghash_update(GHASH_CTX *ctx, const uint8_t *c, size_t clen);
+void ghash_finish(GHASH_CTX *ctx, uint8_t out[16]);
+
+
 int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
 	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
 	uint8_t *out, size_t taglen, uint8_t *tag);